[AutoPR- Security] Patch libssh for CVE-2025-8277 [LOW] (microsoft#14656)

azurelinux-security · archana25-ms · web-flow · commit 1e446f1665fd · 2025-11-12T14:26:26.000+05:30
Co-authored-by: Archana Shettigar &lt;v-shettigara@microsoft.com&gt;
diff --git a/SPECS/libssh/CVE-2025-8277.patch b/SPECS/libssh/CVE-2025-8277.patch
@@ -0,0 +1,167 @@
+From b1207905f9194d5bfa17393e605987f158e9448b Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Thu, 11 Sep 2025 16:00:02 +0000
+Subject: [PATCH] CVE-2025-8277: Avoid leaking ECDH keys and free previous
+ DH/ECDH contexts; adjust packet filter for DH-GEX guess; free previously
+ allocated pubkeys
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://git.libssh.org/projects/libssh.git/patch/?id=1c763e29d138db87665e98983f468d2dd0f286c1 https://git.libssh.org/projects/libssh.git/patch/?id=8e4d67aa9eda455bfad9ac610e54b7a548d0aa08 https://git.libssh.org/projects/libssh.git/patch/?id=266174a6d36687b65cf90174f06af90b8b27c65f https://git.libssh.org/projects/libssh.git/patch/?id=87db2659ec608a977a63eea529f17b9168388d73
+---
+ src/dh_crypto.c       |  5 +++++
+ src/dh_key.c          |  5 +++++
+ src/ecdh_crypto.c     | 11 +++++++++++
+ src/ecdh_gcrypt.c     |  8 ++++++++
+ src/ecdh_mbedcrypto.c |  7 +++++++
+ src/packet.c          |  2 ++
+ src/wrapper.c         | 10 +++++++++-
+ 7 files changed, 47 insertions(+), 1 deletion(-)
+
+diff --git a/src/dh_crypto.c b/src/dh_crypto.c
+index 9ff7ad3..325c568 100644
+--- a/src/dh_crypto.c
++++ b/src/dh_crypto.c
+@@ -407,6 +407,11 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+diff --git a/src/dh_key.c b/src/dh_key.c
+index 20d24a3..d9743ce 100644
+--- a/src/dh_key.c
++++ b/src/dh_key.c
+@@ -237,6 +237,11 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index 069b137..8ad9bbf 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -219,7 +219,19 @@ int ssh_client_ecdh_init(ssh_session session){
+       return SSH_ERROR;
+   }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++    /* Replacing "#if OPENSSL_VERSION_NUMBER < 0x30000000L" as follows since we do not use OPENSSL_VERSION_NUMBER defines" */ 
++#if 1
++        EC_KEY_free(session->next_crypto->ecdh_privkey);
++#else
++        EVP_PKEY_free(session->next_crypto->ecdh_privkey);
++#endif
++        session->next_crypto->ecdh_privkey = NULL;
++    }
++
+   session->next_crypto->ecdh_privkey = key;
++  ssh_string_free(session->next_crypto->ecdh_client_pubkey);
+   session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ 
+   /* register the packet callbacks */
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index 3d9d426..918b0f5 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -101,8 +101,16 @@ int ssh_client_ecdh_init(ssh_session session)
+         goto out;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        gcry_sexp_release(session->next_crypto->ecdh_privkey);
++        session->next_crypto->ecdh_privkey = NULL;
++    }
++
+     session->next_crypto->ecdh_privkey = key;
+     key = NULL;
++
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index dda7392..351aa65 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -70,6 +70,12 @@ int ssh_client_ecdh_init(ssh_session session)
+         return SSH_ERROR;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
++        SAFE_FREE(session->next_crypto->ecdh_privkey);
++    }
++
+     session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+     if (session->next_crypto->ecdh_privkey == NULL) {
+         return SSH_ERROR;
+@@ -110,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session session)
+         goto out;
+     }
+ 
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+diff --git a/src/packet.c b/src/packet.c
+index ea73f9a..dfb8b01 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -294,6 +294,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
+          *   or session_state == SSH_SESSION_STATE_INITIAL_KEX
+          * - dh_handshake_state == DH_STATE_INIT
+          *   or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
++         *   or dh_handshake_state == DH_STATE_REQUEST_SENT (dh-gex)
+          *   or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
+          *
+          * Transitions:
+@@ -313,6 +314,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
+ 
+         if ((session->dh_handshake_state != DH_STATE_INIT) &&
+             (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
++            (session->dh_handshake_state != DH_STATE_REQUEST_SENT) &&
+             (session->dh_handshake_state != DH_STATE_FINISHED))
+         {
+             rc = SSH_PACKET_DENIED;
+diff --git a/src/wrapper.c b/src/wrapper.c
+index d317dc4..1f8cf84 100644
+--- a/src/wrapper.c
++++ b/src/wrapper.c
+@@ -190,9 +190,17 @@ void crypto_free(struct ssh_crypto_struct *crypto)
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #elif defined HAVE_GCRYPT_ECC
+         gcry_sexp_release(crypto->ecdh_privkey);
+-#endif
++#elif defined HAVE_LIBMBEDCRYPTO
++        mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
++        SAFE_FREE(crypto->ecdh_privkey);
++#endif /* HAVE_LIBGCRYPT */
+         crypto->ecdh_privkey = NULL;
+     }
++#endif
++#ifdef HAVE_LIBCRYPTO
++    EVP_PKEY_free(crypto->curve25519_privkey);
++#elif defined(HAVE_GCRYPT_CURVE25519)
++    gcry_sexp_release(crypto->curve25519_privkey);
+ #endif
+     SAFE_FREE(crypto->dh_server_signature);
+     if (crypto->session_id != NULL) {
+-- 
+2.45.4
+
diff --git a/SPECS/libssh/libssh.spec b/SPECS/libssh/libssh.spec
@@ -2,7 +2,7 @@ Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Name:           libssh
 Version:        0.10.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -17,6 +17,7 @@ Patch1:         CVE-2025-5372.patch
 Patch2:         CVE-2025-5351.patch
 Patch3:         CVE-2025-5318.patch
 Patch4:         CVE-2025-4878.patch
+Patch5:         CVE-2025-8277.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@@ -150,6 +151,9 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Thu Sep 11 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 0.10.6-4
+- Patch for CVE-2025-8277
+
 * Fri Jul 25 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 0.10.6-3
 - Patch for CVE-2025-4878
 
